Some vet fixes

helper/keysutil/policy.go

@@ -953,8 +953,6 @@ func (p *Policy) VerifySignature(context, input []byte, sig, algorithm string) (
 	default:
 		return false, errutil.InternalError{Err: fmt.Sprintf("unsupported key type %v", p.Type)}
 	}
-
-	return false, errutil.InternalError{Err: "no valid key type found"}
 }
 
 func (p *Policy) Rotate(ctx context.Context, storage logical.Storage) error {

helper/proxyutil/proxyutil.go

@@ -36,7 +36,7 @@ func (p *ProxyProtoConfig) SetAuthorizedAddrs(addrs interface{}) error {
 		for _, v := range addrs.([]interface{}) {
 			stringAddr, ok := v.(string)
 			if !ok {
-				return fmt.Errorf("error parsing %q as string")
+				return fmt.Errorf("error parsing %v as string", v)
 			}
 			stringAddrs = append(stringAddrs, stringAddr)
 		}

helper/strutil/strutil_test.go

@@ -349,7 +349,7 @@ func TestGlobbedStringsMatch(t *testing.T) {
 		actual := GlobbedStringsMatch(tc.item, tc.val)
 
 		if actual != tc.expect {
-			t.Fatalf("Bad testcase %#v, expected %b, got %b", tc, tc.expect, actual)
+			t.Fatalf("Bad testcase %#v, expected %t, got %t", tc, tc.expect, actual)
 		}
 	}
 }

http/sys_wrapping_test.go

@@ -310,7 +310,7 @@ func TestHTTP_Wrapping(t *testing.T) {
 
 	// Check for correct CreationPath before rewrap
 	if wrapInfo.CreationPath != "secret/foo" {
-		t.Fatal("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
+		t.Fatalf("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
 	}
 
 	// Test rewrapping
@@ -323,7 +323,7 @@ func TestHTTP_Wrapping(t *testing.T) {
 
 	// Check for correct Creation path after rewrap
 	if wrapInfo.CreationPath != "secret/foo" {
-		t.Fatal("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
+		t.Fatalf("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
 	}
 
 	// Should be expired and fail

logical/framework/path_map_test.go

@@ -271,7 +271,7 @@ func testSalting(t *testing.T, ctx context.Context, storage logical.Storage, sal
 		Value: []byte(`{"foo": "bar"}`),
 	})
 	if err != nil {
-		t.Fatal("err: %v", err)
+		t.Fatalf("err: %v", err)
 	}
 	// A read should transparently upgrade
 	resp, err = b.HandleRequest(ctx, &logical.Request{

logical/plugin/pb/translation_test.go

@@ -31,7 +31,7 @@ func TestTranslation_Errors(t *testing.T) {
 		e := ProtoErrToErr(pe)
 
 		if !reflect.DeepEqual(e, err) {
-			t.Fatal("Errs did not match: %#v, %#v", e, err)
+			t.Fatalf("Errs did not match: %#v, %#v", e, err)
 		}
 	}
 }
@@ -49,7 +49,7 @@ func TestTranslation_StorageEntry(t *testing.T) {
 		e := ProtoStorageEntryToLogicalStorageEntry(p)
 
 		if !reflect.DeepEqual(c, e) {
-			t.Fatal("Entries did not match: %#v, %#v", e, c)
+			t.Fatalf("Entries did not match: %#v, %#v", e, c)
 		}
 	}
 }

physical/inmem/inmem_ha.go

@@ -11,7 +11,7 @@ import (
 type InmemHABackend struct {
 	physical.Backend
 	locks  map[string]string
-	l      sync.Mutex
+	l      *sync.Mutex
 	cond   *sync.Cond
 	logger log.Logger
 }
@@ -32,8 +32,9 @@ func NewInmemHA(_ map[string]string, logger log.Logger) (physical.Backend, error
 		Backend: be,
 		locks:   make(map[string]string),
 		logger:  logger,
+		l:       new(sync.Mutex),
 	}
-	in.cond = sync.NewCond(&in.l)
+	in.cond = sync.NewCond(in.l)
 	return in, nil
 }
 
@@ -46,13 +47,14 @@ func NewTransactionalInmemHA(_ map[string]string, logger log.Logger) (physical.B
 		Backend: transInmem,
 		locks:   make(map[string]string),
 		logger:  logger,
+		l:       new(sync.Mutex),
 	}
 
 	in := &TransactionalInmemHABackend{
 		InmemHABackend: inmemHA,
 		Transactional:  transInmem.(physical.Transactional),
 	}
-	in.cond = sync.NewCond(&in.l)
+	in.cond = sync.NewCond(in.l)
 	return in, nil
 }
 

vault/cluster.go

@@ -343,31 +343,26 @@ func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) {
 	// of clustering as connections come and go
 
 	serverLookup := func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
-		switch {
-		default:
-			var localCert bytes.Buffer
+		var localCert bytes.Buffer
 
-			c.clusterParamsLock.RLock()
-			localCert.Write(c.localClusterCert)
-			localSigner := c.localClusterPrivateKey
-			parsedCert := c.localClusterParsedCert
-			c.clusterParamsLock.RUnlock()
-
-			if localCert.Len() == 0 {
-				return nil, fmt.Errorf("got forwarding connection but no local cert")
-			}
-
-			//c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName)
-
-			return &tls.Certificate{
-				Certificate: [][]byte{localCert.Bytes()},
-				PrivateKey:  localSigner,
-				Leaf:        parsedCert,
-			}, nil
+		c.clusterParamsLock.RLock()
+		localCert.Write(c.localClusterCert)
+		localSigner := c.localClusterPrivateKey
+		parsedCert := c.localClusterParsedCert
+		c.clusterParamsLock.RUnlock()
 
+		if localCert.Len() == 0 {
+			return nil, fmt.Errorf("got forwarding connection but no local cert")
 		}
 
-		return nil, nil
+		//c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName)
+
+		return &tls.Certificate{
+			Certificate: [][]byte{localCert.Bytes()},
+			PrivateKey:  localSigner,
+			Leaf:        parsedCert,
+		}, nil
+
 	}
 
 	clientLookup := func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {